10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.
Recent assessments:
gwillcox-r7 at November 22, 2020 3:46am UTC reported:
Reported as exploited in the wild as part of Googleβs 2020 0day vulnerability spreadsheet they made available at <https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786>. Original tweet announcing this spreadsheet with the 2020 findings can be found at <https://twitter.com/maddiestone/status/1329837665378725888>
Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0
helpx.adobe.com/security/products/flash-player/apsa15-01.html
helpx.adobe.com/security/products/flash-player/apsb15-03.html
lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html
lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html
malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html
secunia.com/advisories/62432
secunia.com/advisories/62543
secunia.com/advisories/62650
secunia.com/advisories/62660
secunia.com/advisories/62740
security.gentoo.org/glsa/glsa-201502-02.xml
www.securityfocus.com/bid/72283
www.securitytracker.com/id/1031597
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0311
technet.microsoft.com/library/security/2755801